kernel-source-2.6.8 - several

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

• CVE-2006-3741
  Stephane Eranian discovered a local DoS (Denial of Service) vulnerability
  on the ia64 architecture. A local user could exhaust the available file
  descriptors by exploiting a counting error in the permonctl() system call.
• CVE-2006-4538
  Kirill Korotaev reported a local DoS (Denial of Service) vulnerability
  on the ia64 and sparc architectures. A user could cause the system to
  crash by executing a malformed ELF binary due to insufficient verification
  of the memory layout.
• CVE-2006-4813
  Dmitriy Monakhov reported a potential memory leak in the
  __block_prepare_write function. __block_prepare_write does not properly
  sanitize kernel buffers during error recovery, which could be exploited
  by local users to gain access to sensitive kernel memory.
• CVE-2006-4997
  ADLab Venustech Info Ltd reported a potential remote DoS (Denial of
  Service) vulnerability in the IP over ATM subsystem. A remote system
  could cause the system to crash by sending specially crafted packets
  that would trigger an attempt to free an already-freed pointer
  resulting in a system crash.
• CVE-2006-5174
  Martin Schwidefsky reported a potential leak of sensitive information
  on s390 systems. The copy_from_user function did not clear the remaining
  bytes of the kernel buffer after receiving a fault on the userspace
  address, resulting in a leak of uninitialized kernel memory. A local user
  could exploit this by appending to a file from a bad address.
• CVE-2006-5619
  James Morris reported a potential local DoS (Denial of Service)
  vulnerability that could be used to hang or oops a system. The seqfile
  handling for /proc/net/ip6_flowlabel has a flaw that can be exploited to
  cause an infinite loop by reading this file after creating a flowlabel.
• CVE-2006-5649
  Fabio Massimo Di Nitto reported a potential remote DoS (Denial of Service)
  vulnerability on powerpc systems. The alignment exception only
  checked the exception table for -EFAULT, not for other errors. This can
  be exploited by a local user to cause a system crash (panic).
• CVE-2006-5751
  Eugene Teo reported a vulnerability in the get_fdb_entries function that
  could potentially be exploited to allow arbitrary code execution with
  escalated privileges.
• CVE-2006-5871
  Bill Allombert reported that various mount options are ignored by smbfs
  when UNIX extensions are enabled. This includes the uid, gid and mode
  options. Client systems would silently use the server-provided settings
  instead of honoring these options, changing the security model. This
  update includes a fix from Haroldo Gamal that forces the kernel to honor
  these mount options. Note that, since the current versions of smbmount
  always pass values for these options to the kernel, it is not currently
  possible to activate unix extensions by omitting mount options. However,
  this behavior is currently consistent with the current behavior of the
  next Debian release, ‘etch’.

The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.